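// Source: github.com/minio/console@v1.4.1/web-app/src/common/SecureComponent/permissions.ts
//
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

// Security note for maintainers: everything in this module is shipped to the
// browser and, judging by the inline comments ("displays ... button"), is used
// to decide what the UI shows. It is not an authorization boundary. Every API
// behind a gated page or button has to enforce the corresponding action on
// the server, because client-side tables can be read and bypassed by the user.

/**
 * Console-side role names. Each value is used as a key of `IAM_PERMISSIONS`.
 */
export const IAM_ROLES = {
  BUCKET_OWNER: "BUCKET_OWNER", // upload/delete objects from the bucket
  BUCKET_VIEWER: "BUCKET_VIEWER", // only view objects on the bucket
  BUCKET_ADMIN: "BUCKET_ADMIN", // administrate the bucket
  BUCKET_LIFECYCLE: "BUCKET_LIFECYCLE", // can manage bucket lifecycle
};

/**
 * Symbolic names for the policy action strings in the `s3:`, `admin:` and
 * `kms:` namespaces that the UI checks against.
 *
 * Several values are wildcard patterns (`s3:*`, `s3:Get*`, `s3:*Bucket`, ...).
 * How wildcards are matched is decided by the consumer and is not visible in
 * this file.
 */
export const IAM_SCOPES = {
  S3_STAR_BUCKET: "s3:*Bucket",
  S3_LIST_BUCKET: "s3:ListBucket",
  S3_ALL_LIST_BUCKET: "s3:List*",
  S3_GET_BUCKET_POLICY: "s3:GetBucketPolicy",
  S3_PUT_BUCKET_POLICY: "s3:PutBucketPolicy",
  S3_GET_OBJECT: "s3:GetObject",
  S3_PUT_OBJECT: "s3:PutObject",
  S3_GET_ACTIONS: "s3:Get*",
  S3_PUT_ACTIONS: "s3:Put*",
  S3_GET_OBJECT_LEGAL_HOLD: "s3:GetObjectLegalHold",
  S3_PUT_OBJECT_LEGAL_HOLD: "s3:PutObjectLegalHold",
  S3_DELETE_OBJECT: "s3:DeleteObject",
  S3_GET_BUCKET_VERSIONING: "s3:GetBucketVersioning",
  S3_PUT_BUCKET_VERSIONING: "s3:PutBucketVersioning",
  S3_GET_OBJECT_RETENTION: "s3:GetObjectRetention",
  S3_PUT_OBJECT_RETENTION: "s3:PutObjectRetention",
  S3_GET_OBJECT_TAGGING: "s3:GetObjectTagging",
  S3_PUT_OBJECT_TAGGING: "s3:PutObjectTagging",
  S3_DELETE_OBJECT_TAGGING: "s3:DeleteObjectTagging",
  S3_GET_BUCKET_ENCRYPTION_CONFIGURATION: "s3:GetEncryptionConfiguration",
  S3_PUT_BUCKET_ENCRYPTION_CONFIGURATION: "s3:PutEncryptionConfiguration",
  S3_CREATE_BUCKET: "s3:CreateBucket",
  S3_DELETE_BUCKET: "s3:DeleteBucket",
  S3_FORCE_DELETE_BUCKET: "s3:ForceDeleteBucket",
  S3_GET_BUCKET_NOTIFICATIONS: "s3:GetBucketNotification",
  S3_LISTEN_BUCKET_NOTIFICATIONS: "s3:ListenBucketNotification",
  S3_PUT_BUCKET_NOTIFICATIONS: "s3:PutBucketNotification",
  S3_GET_REPLICATION_CONFIGURATION: "s3:GetReplicationConfiguration",
  S3_PUT_REPLICATION_CONFIGURATION: "s3:PutReplicationConfiguration",
  S3_GET_LIFECYCLE_CONFIGURATION: "s3:GetLifecycleConfiguration",
  S3_PUT_LIFECYCLE_CONFIGURATION: "s3:PutLifecycleConfiguration",
  S3_GET_BUCKET_OBJECT_LOCK_CONFIGURATION:
    "s3:GetBucketObjectLockConfiguration",
  S3_PUT_BUCKET_OBJECT_LOCK_CONFIGURATION:
    "s3:PutBucketObjectLockConfiguration",
  ADMIN_GET_POLICY: "admin:GetPolicy",
  ADMIN_LIST_USERS: "admin:ListUsers",
  ADMIN_CREATE_USER: "admin:CreateUser",
  ADMIN_DELETE_USER: "admin:DeleteUser",
  ADMIN_ENABLE_USER: "admin:EnableUser",
  ADMIN_DISABLE_USER: "admin:DisableUser",
  ADMIN_GET_USER: "admin:GetUser",
  ADMIN_LIST_USER_POLICIES: "admin:ListUserPolicies",
  ADMIN_SERVER_INFO: "admin:ServerInfo",
  ADMIN_GET_BUCKET_QUOTA: "admin:GetBucketQuota",
  ADMIN_SET_BUCKET_QUOTA: "admin:SetBucketQuota",
  ADMIN_LIST_TIERS: "admin:ListTier",
  ADMIN_SET_TIER: "admin:SetTier",
  ADMIN_LIST_GROUPS: "admin:ListGroups",
  S3_GET_OBJECT_VERSION_FOR_REPLICATION: "s3:GetObjectVersionForReplication",
  S3_REPLICATE_TAGS: "s3:ReplicateTags",
  S3_REPLICATE_DELETE: "s3:ReplicateDelete",
  S3_REPLICATE_OBJECT: "s3:ReplicateObject",
  S3_PUT_OBJECT_VERSION_TAGGING: "s3:PutObjectVersionTagging",
  S3_DELETE_OBJECT_VERSION_TAGGING: "s3:DeleteObjectVersionTagging",
  S3_DELETE_OBJECT_VERSION: "s3:DeleteObjectVersion",
  S3_GET_OBJECT_VERSION_TAGGING: "s3:GetObjectVersionTagging",
  S3_GET_OBJECT_VERSION: "s3:GetObjectVersion",
  S3_PUT_BUCKET_TAGGING: "s3:PutBucketTagging",
  S3_GET_BUCKET_TAGGING: "s3:GetBucketTagging",
  // Lets the holder override governance-mode retention; only referenced from
  // the BUCKET_ADMIN list in this file.
  S3_BYPASS_GOVERNANCE_RETENTION: "s3:BypassGovernanceRetention",
  S3_LIST_MULTIPART_UPLOAD_PARTS: "s3:ListMultipartUploadParts",
  S3_LISTEN_NOTIFICATIONS: "s3:ListenNotification",
  S3_LIST_BUCKET_MULTIPART_UPLOADS: "s3:ListBucketMultipartUploads",
  S3_LIST_BUCKET_VERSIONS: "s3:ListBucketVersions",
  S3_GET_BUCKET_POLICY_STATUS: "s3:GetBucketPolicyStatus",
  S3_LIST_ALL_MY_BUCKETS: "s3:ListAllMyBuckets",
  S3_HEAD_BUCKET: "s3:HeadBucket",
  S3_GET_BUCKET_LOCATION: "s3:GetBucketLocation",
  S3_DELETE_BUCKET_POLICY: "s3:DeleteBucketPolicy",
  S3_ABORT_MULTIPART_UPLOAD: "s3:AbortMultipartUpload",
  ADMIN_ADD_USER_TO_GROUP: "admin:AddUserToGroup",
  ADMIN_REMOVE_USER_FROM_GROUP: "admin:RemoveUserFromGroup",
  ADMIN_GET_GROUP: "admin:GetGroup",
  ADMIN_ENABLE_GROUP: "admin:EnableGroup",
  ADMIN_DISABLE_GROUP: "admin:DisableGroup",
  ADMIN_CREATE_POLICY: "admin:CreatePolicy",
  ADMIN_DELETE_POLICY: "admin:DeletePolicy",
  ADMIN_ATTACH_USER_OR_GROUP_POLICY: "admin:AttachUserOrGroupPolicy",
  ADMIN_CREATE_SERVICEACCOUNT: "admin:CreateServiceAccount",
  ADMIN_UPDATE_SERVICEACCOUNT: "admin:UpdateServiceAccount",
  ADMIN_REMOVE_SERVICEACCOUNT: "admin:RemoveServiceAccount",
  ADMIN_LIST_SERVICEACCOUNTS: "admin:ListServiceAccounts",
  ADMIN_CONFIG_UPDATE: "admin:ConfigUpdate",
  ADMIN_GET_CONSOLE_LOG: "admin:ConsoleLog",
  ADMIN_SERVER_TRACE: "admin:ServerTrace",
  // NOTE(review): the key says HEALTH_INFO but the action string is
  // "admin:OBDInfo"; keep the value unless the server-side name is confirmed.
  ADMIN_HEALTH_INFO: "admin:OBDInfo",
  ADMIN_HEAL: "admin:Heal",
  // NOTE(review): defined here but not referenced by any table in this file;
  // SUPPORT_INSPECT is gated on ADMIN_HEALTH_INFO instead.
  ADMIN_INSPECT_DATA: "admin:InspectData",
  S3_ALL_ACTIONS: "s3:*",
  ADMIN_ALL_ACTIONS: "admin:*",
  KMS_ALL_ACTIONS: "kms:*",
  KMS_STATUS: "kms:Status",
  KMS_METRICS: "kms:Metrics",
  KMS_APIS: "kms:API",
  // Mixed-case key kept as-is: it is part of the exported object's shape.
  KMS_Version: "kms:Version",
  KMS_CREATE_KEY: "kms:CreateKey",
  KMS_DELETE_KEY: "kms:DeleteKey",
  KMS_LIST_KEYS: "kms:ListKeys",
  KMS_IMPORT_KEY: "kms:ImportKey",
  KMS_KEY_STATUS: "kms:KeyStatus",
  KMS_DESCRIBE_POLICY: "kms:DescribePolicy",
  KMS_ASSIGN_POLICY: "kms:AssignPolicy",
  KMS_DELETE_POLICY: "kms:DeletePolicy",
  KMS_SET_POLICY: "kms:SetPolicy",
  KMS_GET_POLICY: "kms:GetPolicy",
  KMS_LIST_POLICIES: "kms:ListPolicies",
  KMS_DESCRIBE_IDENTITY: "kms:DescribeIdentity",
  KMS_DESCRIBE_SELF_IDENTITY: "kms:DescribeSelfIdentity",
  KMS_DELETE_IDENTITY: "kms:DeleteIdentity",
  KMS_LIST_IDENTITIES: "kms:ListIdentities",
};

/**
 * Route path patterns of the web app, keyed by a symbolic page name.
 *
 * Most values are absolute paths; a few (`ADD_BUCKETS`, `BUCKETS_ADMIN_VIEW`)
 * are written without a leading slash. The values are also used as keys of
 * `IAM_PAGES_PERMISSIONS`, so changing a path changes that lookup key too.
 */
export const IAM_PAGES = {
  /* Buckets */
  BUCKETS: "/buckets",
  ADD_BUCKETS: "add-bucket",
  BUCKETS_ADD_REPLICATION: "/buckets/add-replication",
  BUCKETS_ADMIN_VIEW: ":bucketName/admin/*",
  BUCKETS_EDIT_REPLICATION: "/buckets/edit-replication",
  /* Object Browser */
  OBJECT_BROWSER_VIEW: "/browser",
  OBJECT_BROWSER_BUCKET_VIEW: "/browser/:bucketName",
  OBJECT_BROWSER_BUCKET_DETAILS_VIEW: "/browser/:bucketName/*",
  /* Identity */
  IDENTITY: "/identity",
  USERS: "/identity/users",
  USERS_VIEW: "/identity/users/:userName",
  USER_ADD: "/identity/users/add-user",
  GROUPS: "/identity/groups",
  GROUPS_ADD: "/identity/groups/create-group",
  GROUPS_VIEW: "/identity/groups/:groupName",
  ACCOUNT: "/access-keys",
  ACCOUNT_ADD: "/access-keys/new-account",
  USER_SA_ACCOUNT_ADD: "/identity/users/new-user-sa/:userName",

  /* IDP */
  IDP_LDAP_CONFIGURATIONS: "/identity/ldap/configuration",

  IDP_OPENID_CONFIGURATIONS: "/identity/idp/openid/configurations",
  IDP_OPENID_CONFIGURATIONS_VIEW:
    "/identity/idp/openid/configurations/:idpName",
  IDP_OPENID_CONFIGURATIONS_ADD: "/identity/idp/openid/configurations/add-idp",

  POLICIES: "/policies",
  POLICY_ADD: "/add-policy",
  POLICIES_VIEW: "/policies/*",
  /* Monitoring */
  TOOLS_LOGS: "/tools/logs",
  TOOLS_AUDITLOGS: "/tools/audit-logs",
  TOOLS_TRACE: "/tools/trace",
  DASHBOARD: "/tools/metrics",
  TOOLS_WATCH: "/tools/watch",

  /* KMS */
  KMS: "/kms",
  KMS_STATUS: "/kms/status",
  KMS_KEYS: "/kms/keys",
  KMS_KEYS_ADD: "/kms/add-key/",
  KMS_KEYS_IMPORT: "/kms/import-key/",

  /* Support */
  TOOLS: "/support",
  REGISTER_SUPPORT: "/support/register",
  TOOLS_DIAGNOSTICS: "/support/diagnostics",
  TOOLS_SPEEDTEST: "/support/speedtest",
  CALL_HOME: "/support/call-home",
  PROFILE: "/support/profile",
  SUPPORT_INSPECT: "/support/inspect",

  /* License */
  LICENSE: "/license",
  /* Settings */
  SETTINGS: "/settings/configurations",
  SETTINGS_VIEW: "/settings/configurations/:option",
  /* Documentation */
  DOCUMENTATION: "/documentation",
  /* TBD ? */
  EVENT_DESTINATIONS: "/settings/event-destinations",
  EVENT_DESTINATIONS_ADD: "/settings/event-destinations/add",
  EVENT_DESTINATIONS_ADD_SERVICE: "/settings/event-destinations/add/:service",
  TIERS: "/settings/tiers",
  TIERS_ADD: "/settings/tiers/add",
  TIERS_ADD_SERVICE: "/settings/tiers/add/:service",
  SITE_REPLICATION: "/settings/site-replication",
  SITE_REPLICATION_STATUS: "/settings/site-replication/status",
  SITE_REPLICATION_ADD: "/settings/site-replication/add",
};

/**
 * Scopes associated with each console role.
 *
 * NOTE(review): BUCKET_ADMIN lists the wildcards `s3:*` and `admin:*` next to
 * many individual actions, including read-only ones such as
 * `s3:ListAllMyBuckets` and `s3:Get*`. If the consumer treats a list as
 * "any one of these is enough", holding a single low-privilege entry would
 * satisfy anything gated on the whole BUCKET_ADMIN list. The matching mode is
 * not visible in this file; confirm it before reusing this list as a gate.
 */
export const IAM_PERMISSIONS = {
  [IAM_ROLES.BUCKET_OWNER]: [
    IAM_SCOPES.S3_PUT_OBJECT,
    IAM_SCOPES.S3_PUT_ACTIONS,
    IAM_SCOPES.S3_DELETE_OBJECT,
  ],
  [IAM_ROLES.BUCKET_VIEWER]: [
    IAM_SCOPES.S3_LIST_BUCKET,
    IAM_SCOPES.S3_ALL_LIST_BUCKET,
  ],
  [IAM_ROLES.BUCKET_ADMIN]: [
    IAM_SCOPES.S3_ALL_ACTIONS,
    IAM_SCOPES.ADMIN_ALL_ACTIONS,
    IAM_SCOPES.S3_REPLICATE_OBJECT,
    IAM_SCOPES.S3_REPLICATE_DELETE,
    IAM_SCOPES.S3_REPLICATE_TAGS,
    IAM_SCOPES.S3_GET_OBJECT_VERSION_FOR_REPLICATION,
    IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION,
    IAM_SCOPES.S3_GET_REPLICATION_CONFIGURATION,
    IAM_SCOPES.S3_GET_BUCKET_VERSIONING,
    IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
    IAM_SCOPES.S3_GET_BUCKET_ENCRYPTION_CONFIGURATION,
    IAM_SCOPES.S3_PUT_BUCKET_ENCRYPTION_CONFIGURATION,
    IAM_SCOPES.S3_DELETE_OBJECT_TAGGING,
    IAM_SCOPES.S3_PUT_OBJECT_TAGGING,
    IAM_SCOPES.S3_GET_OBJECT_TAGGING,
    IAM_SCOPES.S3_PUT_OBJECT_VERSION_TAGGING,
    IAM_SCOPES.S3_DELETE_OBJECT_VERSION_TAGGING,
    IAM_SCOPES.S3_DELETE_OBJECT_VERSION,
    IAM_SCOPES.S3_GET_OBJECT_VERSION_TAGGING,
    IAM_SCOPES.S3_GET_OBJECT_VERSION,
    IAM_SCOPES.S3_PUT_BUCKET_TAGGING,
    IAM_SCOPES.S3_GET_BUCKET_TAGGING,
    IAM_SCOPES.S3_PUT_BUCKET_OBJECT_LOCK_CONFIGURATION,
    IAM_SCOPES.S3_GET_BUCKET_OBJECT_LOCK_CONFIGURATION,
    IAM_SCOPES.S3_PUT_OBJECT_LEGAL_HOLD,
    IAM_SCOPES.S3_GET_OBJECT_LEGAL_HOLD,
    IAM_SCOPES.S3_GET_OBJECT_RETENTION,
    IAM_SCOPES.S3_PUT_OBJECT_RETENTION,
    IAM_SCOPES.S3_BYPASS_GOVERNANCE_RETENTION,
    IAM_SCOPES.S3_PUT_BUCKET_POLICY,
    IAM_SCOPES.S3_PUT_BUCKET_NOTIFICATIONS,
    IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION,
    IAM_SCOPES.S3_PUT_LIFECYCLE_CONFIGURATION,
    IAM_SCOPES.S3_LIST_MULTIPART_UPLOAD_PARTS,
    IAM_SCOPES.S3_LISTEN_BUCKET_NOTIFICATIONS,
    IAM_SCOPES.S3_LISTEN_NOTIFICATIONS,
    IAM_SCOPES.S3_LIST_BUCKET_MULTIPART_UPLOADS,
    IAM_SCOPES.S3_LIST_BUCKET_VERSIONS,
    IAM_SCOPES.S3_GET_BUCKET_POLICY_STATUS,
    IAM_SCOPES.S3_LIST_ALL_MY_BUCKETS,
    IAM_SCOPES.S3_HEAD_BUCKET,
    IAM_SCOPES.S3_GET_BUCKET_POLICY,
    IAM_SCOPES.S3_GET_BUCKET_NOTIFICATIONS,
    IAM_SCOPES.S3_GET_BUCKET_LOCATION,
    IAM_SCOPES.S3_DELETE_BUCKET_POLICY,
    IAM_SCOPES.S3_FORCE_DELETE_BUCKET,
    IAM_SCOPES.S3_DELETE_BUCKET,
    IAM_SCOPES.S3_CREATE_BUCKET,
    IAM_SCOPES.S3_ABORT_MULTIPART_UPLOAD,
    IAM_SCOPES.ADMIN_GET_POLICY,
    IAM_SCOPES.ADMIN_LIST_USER_POLICIES,
    IAM_SCOPES.ADMIN_LIST_USERS,
    IAM_SCOPES.ADMIN_HEAL,
    IAM_SCOPES.S3_GET_ACTIONS,
    IAM_SCOPES.S3_PUT_ACTIONS,
  ],
  [IAM_ROLES.BUCKET_LIFECYCLE]: [
    IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION,
    IAM_SCOPES.S3_PUT_LIFECYCLE_CONFIGURATION,
    IAM_SCOPES.S3_GET_ACTIONS,
    IAM_SCOPES.S3_PUT_ACTIONS,
    IAM_SCOPES.ADMIN_LIST_TIERS,
    IAM_SCOPES.ADMIN_SET_TIER,
  ],
};

/**
 * Application pages/routes and the scopes/roles associated with each.
 *
 * Keys are `IAM_PAGES` path strings. Pages that have no entry here
 * (for example `IAM_PAGES.BUCKETS` or `IAM_PAGES.DOCUMENTATION`) yield
 * `undefined` on lookup; how the consumer treats a missing entry is not
 * shown in this file.
 *
 * This table only describes what the UI is expected to show. The server must
 * enforce the same actions on the APIs behind each page.
 */
export const IAM_PAGES_PERMISSIONS = {
  [IAM_PAGES.ADD_BUCKETS]: [
    IAM_SCOPES.S3_CREATE_BUCKET, // create bucket page
  ],
  [IAM_PAGES.BUCKETS_EDIT_REPLICATION]: [
    ...IAM_PERMISSIONS[IAM_ROLES.BUCKET_ADMIN], // edit bucket replication bucket page
  ],
  [IAM_PAGES.BUCKETS_ADD_REPLICATION]: [
    ...IAM_PERMISSIONS[IAM_ROLES.BUCKET_ADMIN], // add bucket replication rule
  ],
  [IAM_PAGES.BUCKETS_ADMIN_VIEW]: [
    ...IAM_PERMISSIONS[IAM_ROLES.BUCKET_ADMIN], // bucket admin page
  ],
  [IAM_PAGES.OBJECT_BROWSER_VIEW]: [
    ...IAM_PERMISSIONS[IAM_ROLES.BUCKET_OWNER],
    ...IAM_PERMISSIONS[IAM_ROLES.BUCKET_VIEWER],
  ],
  [IAM_PAGES.GROUPS]: [
    IAM_SCOPES.ADMIN_LIST_GROUPS, // displays groups
    IAM_SCOPES.ADMIN_ADD_USER_TO_GROUP, // displays create group button
  ],
  [IAM_PAGES.GROUPS_VIEW]: [
    IAM_SCOPES.ADMIN_GET_GROUP,
    IAM_SCOPES.ADMIN_DISABLE_GROUP,
    IAM_SCOPES.ADMIN_ENABLE_GROUP,
    IAM_SCOPES.ADMIN_REMOVE_USER_FROM_GROUP,
    IAM_SCOPES.ADMIN_LIST_USER_POLICIES,
    IAM_SCOPES.ADMIN_ADD_USER_TO_GROUP, // display "edit members" button in groups detail page
    IAM_SCOPES.ADMIN_ATTACH_USER_OR_GROUP_POLICY, // display "set policy" button in groups details page
  ],
  // NOTE(review): same scopes and comments as the USERS entry, while
  // createGroupPermissions further down uses ADMIN_ADD_USER_TO_GROUP instead
  // of ADMIN_CREATE_USER. Confirm which one the create-group page should use.
  [IAM_PAGES.GROUPS_ADD]: [
    IAM_SCOPES.ADMIN_LIST_USERS, // displays users
    IAM_SCOPES.ADMIN_CREATE_USER, // displays create user button
  ],
  [IAM_PAGES.USERS]: [
    IAM_SCOPES.ADMIN_LIST_USERS, // displays users
    IAM_SCOPES.ADMIN_CREATE_USER, // displays create user button
  ],
  [IAM_PAGES.USERS_VIEW]: [
    IAM_SCOPES.ADMIN_GET_USER, // displays list of users
    IAM_SCOPES.ADMIN_ADD_USER_TO_GROUP, // displays "add to groups" button in user details page
    IAM_SCOPES.ADMIN_ENABLE_USER,
    IAM_SCOPES.ADMIN_DISABLE_USER,
    IAM_SCOPES.ADMIN_DELETE_USER,
  ],
  [IAM_PAGES.USER_SA_ACCOUNT_ADD]: [
    IAM_SCOPES.ADMIN_CREATE_SERVICEACCOUNT,
    IAM_SCOPES.ADMIN_UPDATE_SERVICEACCOUNT,
    IAM_SCOPES.ADMIN_REMOVE_SERVICEACCOUNT,
    IAM_SCOPES.ADMIN_LIST_SERVICEACCOUNTS,
  ],
  [IAM_PAGES.USER_ADD]: [IAM_SCOPES.ADMIN_CREATE_USER], // displays create user button
  [IAM_PAGES.ACCOUNT_ADD]: [IAM_SCOPES.ADMIN_CREATE_SERVICEACCOUNT],
  [IAM_PAGES.DASHBOARD]: [
    IAM_SCOPES.ADMIN_SERVER_INFO, // displays dashboard information
  ],
  [IAM_PAGES.POLICIES_VIEW]: [
    IAM_SCOPES.ADMIN_DELETE_POLICY,
    IAM_SCOPES.ADMIN_LIST_GROUPS,
    IAM_SCOPES.ADMIN_GET_GROUP,
    IAM_SCOPES.ADMIN_GET_POLICY,
    IAM_SCOPES.ADMIN_CREATE_POLICY,
  ],
  [IAM_PAGES.POLICIES]: [
    IAM_SCOPES.ADMIN_LIST_USER_POLICIES, // displays policies
    IAM_SCOPES.ADMIN_CREATE_POLICY, // displays create policy button
  ],
  [IAM_PAGES.POLICY_ADD]: [
    IAM_SCOPES.ADMIN_CREATE_POLICY, // displays create policy button
  ],
  [IAM_PAGES.SETTINGS]: [
    IAM_SCOPES.ADMIN_CONFIG_UPDATE, // displays configuration list
  ],
  [IAM_PAGES.SETTINGS_VIEW]: [
    IAM_SCOPES.ADMIN_CONFIG_UPDATE, // displays configuration list
  ],
  [IAM_PAGES.EVENT_DESTINATIONS_ADD_SERVICE]: [
    IAM_SCOPES.ADMIN_SERVER_INFO,
    IAM_SCOPES.ADMIN_CONFIG_UPDATE,
  ],
  [IAM_PAGES.EVENT_DESTINATIONS_ADD]: [
    IAM_SCOPES.ADMIN_SERVER_INFO,
    IAM_SCOPES.ADMIN_CONFIG_UPDATE,
  ],
  [IAM_PAGES.EVENT_DESTINATIONS]: [
    IAM_SCOPES.ADMIN_SERVER_INFO, // displays notifications endpoints
    IAM_SCOPES.ADMIN_CONFIG_UPDATE, // displays create notification button
  ],
  [IAM_PAGES.TIERS]: [
    IAM_SCOPES.ADMIN_LIST_TIERS, // display tiers list
  ],
  [IAM_PAGES.TIERS_ADD]: [
    IAM_SCOPES.ADMIN_SET_TIER, // display "add tier" button / shows add service tier page
    IAM_SCOPES.ADMIN_LIST_TIERS, // display tiers list
  ],
  [IAM_PAGES.TIERS_ADD_SERVICE]: [
    IAM_SCOPES.ADMIN_SET_TIER, // display "add tier" button / shows add service tier page
    IAM_SCOPES.ADMIN_LIST_TIERS, // display tiers list
  ],
  [IAM_PAGES.TOOLS]: [
    IAM_SCOPES.S3_LISTEN_NOTIFICATIONS, // displays watch notifications
    IAM_SCOPES.S3_LISTEN_BUCKET_NOTIFICATIONS, // display watch notifications
    IAM_SCOPES.ADMIN_GET_CONSOLE_LOG, // display minio console logs
    IAM_SCOPES.ADMIN_SERVER_TRACE, // display minio trace
    IAM_SCOPES.ADMIN_HEAL, // display heal
    IAM_SCOPES.ADMIN_HEALTH_INFO, // display diagnostics / display speedtest / display audit log
    IAM_SCOPES.ADMIN_SERVER_INFO, // display diagnostics
  ],
  [IAM_PAGES.TOOLS_LOGS]: [IAM_SCOPES.ADMIN_GET_CONSOLE_LOG],
  [IAM_PAGES.TOOLS_AUDITLOGS]: [IAM_SCOPES.ADMIN_HEALTH_INFO],
  [IAM_PAGES.TOOLS_WATCH]: [
    IAM_SCOPES.S3_LISTEN_NOTIFICATIONS, // displays watch notifications
    IAM_SCOPES.S3_LISTEN_BUCKET_NOTIFICATIONS, // display watch notifications
  ],
  [IAM_PAGES.TOOLS_TRACE]: [IAM_SCOPES.ADMIN_SERVER_TRACE],
  [IAM_PAGES.TOOLS_DIAGNOSTICS]: [
    IAM_SCOPES.ADMIN_HEALTH_INFO,
    IAM_SCOPES.ADMIN_SERVER_INFO,
  ],
  [IAM_PAGES.TOOLS_SPEEDTEST]: [IAM_SCOPES.ADMIN_HEALTH_INFO],
  [IAM_PAGES.REGISTER_SUPPORT]: [
    IAM_SCOPES.ADMIN_SERVER_INFO,
    IAM_SCOPES.ADMIN_CONFIG_UPDATE,
  ],
  [IAM_PAGES.CALL_HOME]: [IAM_SCOPES.ADMIN_HEALTH_INFO],
  [IAM_PAGES.PROFILE]: [IAM_SCOPES.ADMIN_HEALTH_INFO],
  // NOTE(review): gated on admin:OBDInfo although IAM_SCOPES.ADMIN_INSPECT_DATA
  // exists; confirm which action the inspect API enforces on the server.
  [IAM_PAGES.SUPPORT_INSPECT]: [IAM_SCOPES.ADMIN_HEALTH_INFO],
  [IAM_PAGES.LICENSE]: [
    IAM_SCOPES.ADMIN_SERVER_INFO,
    IAM_SCOPES.ADMIN_CONFIG_UPDATE,
  ],
  [IAM_PAGES.SITE_REPLICATION]: [
    IAM_SCOPES.ADMIN_SERVER_INFO,
    IAM_SCOPES.ADMIN_CONFIG_UPDATE,
  ],
  [IAM_PAGES.SITE_REPLICATION_STATUS]: [
    IAM_SCOPES.ADMIN_SERVER_INFO,
    IAM_SCOPES.ADMIN_CONFIG_UPDATE,
  ],
  [IAM_PAGES.SITE_REPLICATION_ADD]: [
    IAM_SCOPES.ADMIN_SERVER_INFO,
    IAM_SCOPES.ADMIN_CONFIG_UPDATE,
  ],
  [IAM_PAGES.KMS]: [IAM_SCOPES.KMS_ALL_ACTIONS],
  [IAM_PAGES.KMS_STATUS]: [IAM_SCOPES.KMS_ALL_ACTIONS, IAM_SCOPES.KMS_STATUS],
  [IAM_PAGES.KMS_KEYS]: [
    IAM_SCOPES.KMS_ALL_ACTIONS,
    IAM_SCOPES.KMS_CREATE_KEY,
    IAM_SCOPES.KMS_DELETE_KEY,
    IAM_SCOPES.KMS_LIST_KEYS,
    IAM_SCOPES.KMS_IMPORT_KEY,
    IAM_SCOPES.KMS_KEY_STATUS,
  ],
  [IAM_PAGES.KMS_KEYS_ADD]: [
    IAM_SCOPES.KMS_LIST_KEYS,
    IAM_SCOPES.KMS_CREATE_KEY,
  ],
  [IAM_PAGES.KMS_KEYS_IMPORT]: [
    IAM_SCOPES.KMS_LIST_KEYS,
    IAM_SCOPES.KMS_IMPORT_KEY,
  ],
  [IAM_PAGES.IDP_LDAP_CONFIGURATIONS]: [
    IAM_SCOPES.ADMIN_ALL_ACTIONS,
    IAM_SCOPES.ADMIN_CONFIG_UPDATE,
  ],
  [IAM_PAGES.IDP_OPENID_CONFIGURATIONS]: [
    IAM_SCOPES.ADMIN_ALL_ACTIONS,
    IAM_SCOPES.ADMIN_CONFIG_UPDATE,
  ],
  [IAM_PAGES.IDP_OPENID_CONFIGURATIONS_ADD]: [
    IAM_SCOPES.ADMIN_ALL_ACTIONS,
    IAM_SCOPES.ADMIN_CONFIG_UPDATE,
  ],
  [IAM_PAGES.IDP_OPENID_CONFIGURATIONS_VIEW]: [
    IAM_SCOPES.ADMIN_ALL_ACTIONS,
    IAM_SCOPES.ADMIN_CONFIG_UPDATE,
  ],
};

/** Resource pattern that covers every S3 resource. */
export const S3_ALL_RESOURCES = "arn:aws:s3:::*";
/** Resource name used for console UI level checks. */
export const CONSOLE_UI_RESOURCE = "console-ui";

/**
 * Builds the tooltip text shown when an action is unavailable for lack of
 * permissions.
 *
 * No escaping is applied to `name` or to the scope strings, so the result
 * must be rendered as plain text, never injected as HTML.
 *
 * @param scopes - Scopes to name in the message; joined with ", ". The word
 *   "permission" is pluralised when more than one scope is given.
 * @param name - Description of the action, inserted twice in the sentence.
 * @returns The complete tooltip sentence.
 */
export const permissionTooltipHelper = (
  scopes: string[],
  name: string,
): string => {
  const niceScopes = scopes.join(", ");
  const plural = scopes.length > 1 ? "s" : "";

  return `You require additional permissions in order to ${name}. Please ask your MinIO administrator to grant you ${niceScopes} permission${plural} in order to ${name}.`;
};

export const listUsersPermissions = [IAM_SCOPES.ADMIN_LIST_USERS];

export const addUserToGroupPermissions = [IAM_SCOPES.ADMIN_ADD_USER_TO_GROUP];

export const deleteUserPermissions = [IAM_SCOPES.ADMIN_DELETE_USER];

export const enableUserPermissions = [IAM_SCOPES.ADMIN_ENABLE_USER];

export const disableUserPermissions = [IAM_SCOPES.ADMIN_DISABLE_USER];

// Note that adminUserPermissions does NOT include ADMIN_CREATE_USER, to allow
// hiding the Users tab for users with only this permission, as it is being
// applied by default.
// NOTE(review): ADMIN_LIST_USERS and ADMIN_LIST_USER_POLICIES each appear
// twice below. Left in place because the array is exported; presumably only
// membership matters to consumers, so confirm before deduplicating.
export const adminUserPermissions = [
  IAM_SCOPES.ADMIN_LIST_USER_POLICIES,
  IAM_SCOPES.ADMIN_LIST_USERS,
  IAM_SCOPES.ADMIN_ADD_USER_TO_GROUP,
  IAM_SCOPES.ADMIN_REMOVE_USER_FROM_GROUP,
  IAM_SCOPES.ADMIN_ATTACH_USER_OR_GROUP_POLICY,
  IAM_SCOPES.ADMIN_LIST_USERS,
  IAM_SCOPES.ADMIN_DELETE_USER,
  IAM_SCOPES.ADMIN_ENABLE_USER,
  IAM_SCOPES.ADMIN_DISABLE_USER,
  IAM_SCOPES.ADMIN_GET_USER,
  IAM_SCOPES.ADMIN_LIST_USER_POLICIES,
];

export const assignIAMPolicyPermissions = [
  IAM_SCOPES.ADMIN_ATTACH_USER_OR_GROUP_POLICY,
  IAM_SCOPES.ADMIN_LIST_USER_POLICIES,
  IAM_SCOPES.ADMIN_GET_POLICY,
];

export const assignGroupPermissions = [
  IAM_SCOPES.ADMIN_ADD_USER_TO_GROUP,
  IAM_SCOPES.ADMIN_REMOVE_USER_FROM_GROUP,
  IAM_SCOPES.ADMIN_LIST_GROUPS,
  IAM_SCOPES.ADMIN_ENABLE_USER,
];

export const getGroupPermissions = [IAM_SCOPES.ADMIN_GET_GROUP];

export const enableDisableUserPermissions = [
  IAM_SCOPES.ADMIN_ENABLE_USER,
  IAM_SCOPES.ADMIN_DISABLE_USER,
];

export const editServiceAccountPermissions = [
  IAM_SCOPES.ADMIN_LIST_SERVICEACCOUNTS,
  IAM_SCOPES.ADMIN_UPDATE_SERVICEACCOUNT,
  IAM_SCOPES.ADMIN_REMOVE_SERVICEACCOUNT,
];

export const applyPolicyPermissions = [
  IAM_SCOPES.ADMIN_ATTACH_USER_OR_GROUP_POLICY,
  IAM_SCOPES.ADMIN_LIST_USER_POLICIES,
];

export const deleteGroupPermissions = [IAM_SCOPES.ADMIN_REMOVE_USER_FROM_GROUP];

export const displayGroupsPermissions = [IAM_SCOPES.ADMIN_LIST_GROUPS];

export const createGroupPermissions = [
  IAM_SCOPES.ADMIN_ADD_USER_TO_GROUP,
  IAM_SCOPES.ADMIN_LIST_USERS,
];

export const viewUserPermissions = [
  IAM_SCOPES.ADMIN_GET_USER,
  IAM_SCOPES.ADMIN_LIST_USERS,
];
export const editGroupMembersPermissions = [
  IAM_SCOPES.ADMIN_ADD_USER_TO_GROUP,
  IAM_SCOPES.ADMIN_LIST_USERS,
];
export const setGroupPoliciesPermissions = [
  IAM_SCOPES.ADMIN_ATTACH_USER_OR_GROUP_POLICY,
  IAM_SCOPES.ADMIN_LIST_USER_POLICIES,
];
export const viewPolicyPermissions = [IAM_SCOPES.ADMIN_GET_POLICY];
export const enableDisableGroupPermissions = [
  IAM_SCOPES.ADMIN_ENABLE_GROUP,
  IAM_SCOPES.ADMIN_DISABLE_GROUP,
];
export const createPolicyPermissions = [IAM_SCOPES.ADMIN_CREATE_POLICY];

export const deletePolicyPermissions = [IAM_SCOPES.ADMIN_DELETE_POLICY];

export const listPolicyPermissions = [IAM_SCOPES.ADMIN_LIST_USER_POLICIES];

export const listGroupPermissions = [
  IAM_SCOPES.ADMIN_LIST_GROUPS,
  IAM_SCOPES.ADMIN_GET_GROUP,
];

export const deleteBucketPermissions = [
  IAM_SCOPES.S3_DELETE_BUCKET,
  IAM_SCOPES.S3_FORCE_DELETE_BUCKET,
];

export const browseBucketPermissions = [
  IAM_SCOPES.S3_LIST_BUCKET,
  IAM_SCOPES.S3_ALL_LIST_BUCKET,
];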